Password Etiquette

Summary

This information assists you in the best practices to protect University systems and yourself in your day-to-day life.

Body

Danger! Failure to use a strong, well-thought-out password may leave your password vulnerable to attackers. Follow the guidelines below to keep your account safe from intruders.

Use two-factor authentication (2FA)

An easier way to reset your password if it becomes lost or stolen is to turn on 2FA for all accounts that support it. This second layer of protection uses another device you own to verify your login attempt. The verification can be a one-time code from an app or a push notification where you click authorize from a cell phone.

Avoid commonly used passwords 

Commonly used passwords are the first thing an attacker will use to access your accounts. Examples are 1234567, password, abc123, qwerty, welcome, testtest, etc. It is strongly advised that you change these passwords right away if you use them on any accounts that access financial, medical, or any private personal information you do not wish to be public. 

Do not use personal information 

If an attacker wants to learn any information about you, they will look at social media to see what information you have shared.   So do not use your birthday, address, hobbies, or names of kids or pets. 

Choose a longer complex password or passphrase 

A complex, longer password or passphrase will better protect from brute force attacks. The minimum password length should be 14 characters for most accounts. A size of sixteen or above is recommended for banks or medical systems. Here is an example of making a password or passphrase unique and complex. 

Bad example:                      passwordsneedlength 

Complex example:           P@ssw0rdsN33dlength! 

Using allowed symbols numbers and changing where you capitalize words will add complexity. 

Never reuse passwords 

Using the same password on all accounts is a habit that many people have. If your password is ever stolen or guessed by an attacker, they will use it first on any account they can locate. 

Use a password manager 

Having a secure and accessible way of storing and accessing these longer passwords is necessary. Password Managers assist in allowing someone to remember fewer passwords. On a system like this, 2FA is a must because you do not want an attacker getting access to all accounts if they get your master password. Password managers available are 1Password, Bitwarden, or LastPass. 

Do not leave sticky notes or paper with passwords accessible to the public. 

Do not leave your password under your keyboard, mouse pad, or attached to your monitor. While having a non-digital copy of your passwords is advisable, it must be stored securely in a lockbox or locked file cabinet. 

Never share your password with anyone 

A password is similar to an ID. If given to anyone else, that person gets to impersonate you and make you responsible for anything they do. If someone needs access to a system, they need to request access for themselves and not use your credentials. 

How often should you change your password? 

If you haven’t followed all of the tips above, or it has been longer than a year since you last changed it, now is the best time to make the change. If the password is involved in a data breach, becomes compromised, or you suspect someone has been using your password, it needs to be changed immediately. 

Details

Details

Article ID: 138947
Created
Mon 4/4/22 12:07 PM
Modified
Tue 8/1/23 5:03 PM